Two reasons you can’t trust a wireless network (and some stuff that goes on at Intel Research Seattle)

Ben Greenstein, Jeff Pang, Ramki Gummadi, Srini Seshan, and David Wetherall


Presentation Transcript


  1. Two reasons you can’t trust a wireless network (and some stuff that goes on at Intel Research Seattle) • Ben Greenstein, Jeff Pang, Ramki Gummadi, Srini Seshan, and David Wetherall • Jeff Hightower, Ali Rahimi, Ian Smith, Josh Smith, Matthai Philipose, Tanzeem Choudhury, Sunny Consolvo, Beverly Harrison, Anthony LaMarca

  2. Intel Research Seattle (IRS) • Lab focus is on computing systems that work in everyday environments (ubiquitous computing) • Magic formula: • Evaluate the need for a technology • Build neat hardware (EE) • Apply magic statistics (ML) • Provide user feedback (HCI) • + Ben + Wetherall (NET/SYS) = new focus on mobile networking and systems

  3. Magic Statistics: Sensor-based activity recognition • Problem: it’s very hard to understand what people are doing with vision • Idea: instrument objects/people and use machine learning on sensor data to recognize their activities • For eldercare, fitness, social dynamics, …

  4. Neat Hardware: Mobile Sensing Platform • Platform Features • Built on iMote2 • Linux OS • 32M RAM • 2GB flash storage • ZigBee & Bluetooth radios • 10 on-board sensors • 3D Accelerometer, 2D Compass, Barometer, Humidity, Visible light, Infrared light, Temperature • UART, GPIO breakouts for additional sensors • ~16 hour battery life [Figure captions: MSP body-worn version; MSP sensor brick version]

  5. Neat Hardware: iBracelet – an RFID tag reader • Bracelet detects nearby tag • Observation: What you use determines what you do [Figure labels: activities; tm = 5 min, tm = 30s, tm = 2 min; kettle, cup, stove, sugar, faucet, teabag, milk]

  6. User Feedback: Ubiquitous Fitness (UbiFit) • Challenge: Use ubiquitous computing to encourage people to sustain an increased level of physical activity • Approach: Phone to provide personal awareness whenever & wherever the user is • MSP for automatic activity detection & mobile phone for manual entry of activities

  7. Other Projects: WiSPs: Smart RFID tags • Problem: Rich sensor networks hit lifetime/size constraints due to batteries • Idea: Extend long-range RFID to provide sensor capabilities • Tags are passive, harvest power to compute/communicate • Tags host sensors/actuators (acceleration, light, LEDs, flash) • Custom analog circuit for power, communications

  8. Other Projects: Software radio/RFID • Build an EPC Gen2 RFID reader w/ USRP • Some hardware tweaks needed • WiSPs let the tag side be changed already • No RFID systems work(?) and many issues to explore • Particularly for a sensor network context • Multi-access, energy, reliability, privacy, …

  9. Other Projects: Personal Robotics • Problem: robots mostly function in well structured environments, e.g., factories • Idea: use sensing/ML to enable robots to function in less structured environments • E-field gripper for manipulation • WiSPs for localization • 3D laser range finder • vision

  10. Other Projects: Ultra-mobile devices • Problem: Desktop interaction doesn’t work well for small, mobile devices • Idea: looking at this now … • Pedestrian Navigator demo: Google Earth maps stay oriented to heading and 3D image stays level to the ground [Figure labels: MSB; iMote; An Inertial Board in the 3-board MSP stack]

  11. Other Projects: Trustworthy Wireless • Problem: wireless lacks privacy and is vulnerable to interference • Idea: Randomize/encrypt communications to exclude attacker [Diagram labels: Client: Tag, MSP, phone, laptop …; Authorized server: AP, reader …; Third party (nearby): eavesdrop, interfere]

  12. Trustworthy wireless topics • Reason 1: Privacy threat • Jeff Pang (CMU) • Reason 2: Vulnerability to interference

  13. Location Privacy is Now at Risk • Your MAC address: 00:0E:35:CE:1F:59 • Usually < 100m • The problem scales [Figure labels: “The Old You”; “The New You”; “The Adversary”]

  14. The Privacy Threat Posed by Wireless Communication is Real • David J. Wetherall • Anonymized 802.11 Traces from SIGCOMM 2004 • Search on Wigle for “djw” in the Seattle area • A pseudonym • Google pinpoints David’s home (to within 200 ft)

  15. PeepResearch.org Problem: Researchers propose using pseudonyms, but is this enough? “You” “The Adversary”

  16. PeepResearch.org Another Real Example: Some “Anonymous” Guy BitTorrents 0.5G of Data at a Conference in 2004 • Consistent Card/Driver Characteristics • SSID: Roofnet • IMAP Server • SSH Server • Broadcast Packets with Sizes 239, 245, 257 • “A guy from MIT” [Figure labels: “You”; “The Adversary”]

  17. Identifying Features • Network Destinations: Set of IP <address, port> pairs in a traffic sample • SSIDs in Probe Requests: Set of networks advertised in a traffic sample • Broadcast Packet Sizes: Set of 802.11 broadcast packet sizes seen in a traffic sample • MAC Protocol Fields: Header bits (e.g., power mgmt., order), Supported rates, Offered authentication algorithms

  18. Methodology [Diagram labels: “The adversary”; Ethereal; Label: Bertha, Label: John, Label: Mary, each with Features: SSIDs, etc.; TRAINING; VALIDATION]

  19. Methodology • Simulate using SIGCOMM, UCSD and Home traces • Split trace into training data and validation data • Sample = 1 hour of traffic to/from a user • Ignore MACs for the latter: presume pseudonyms [Figure labels: “The adversary”; Ethereal]

  20. Did This Traffic Sample Come from User U? • Distance Metric: Set similarity (Jaccard Index), weighted by frequency: [Figure labels: SSIDs ordered from Rare to Common: djw, linksys, IR_Guest, SIGCOMM_1; SAMPLE FOR VALIDATION; PROFILE FROM TRAINING]

  21. = Did This Traffic Sample Come from User U? Naïve Bayesian Classifier: We say sample s (with features fi) is from user U if LHS > T We vary T for different True Positive / False Positive Rates

  22. Receiver Operating Characteristics (ROCs) • UCSD: 60% TPR with 1% FPR • Perfect classifier would have 90% TPR for ~0% FPR • Higher FPR, likely due to not being user specific • Useful only in combination with other features, to rule out identities [Plot axes: sensitivity; 1 - specificity]

  23. Combining features helps • In public networks, samples from 1 in 4 users are identified >50% of the time with 0.999 accuracy [Plot legend: bcast + ssids + fields + netdests; bcast + ssids + fields; bcast + ssids]

  24. Was User U Here at Time t? • Maybe… • Over an 8 hour day, 8 opportunities to misclassify a user’s traffic • Instead, say user U is present if multiple samples are classified as being his • TPRtarget Pr [ X belief ] • FPRtarget Pr [ Y ≥ belief ] • belief is number of samples you believe are from U • X is binomial r. v. with params n = active and p = tprQ1 • Y is binomial r. v. with params n = 8 and p ≈ 1-(1-fprQ1)^N

  25. One 9 of Accuracy… • In a busy coffee shop with 25 concurrent users, more than half (54%) can be identified with 90% accuracy • 4 sample median to detect 27% with two 9s.

  26. Conclusion: Pseudonyms Are Insufficient • 4 new identifiers: netdests, ssids, fields, bcast • Average user emits highly distinguishing identifiers • Adversary can combine features • Future • Uncover more identifiers (timing, etc.) • Build a usable 802.11 network (APs and clients) that protects privacy • Encrypted names/addresses • Hidden resource discovery/binding • Online verification of privacy • Channel hopping to resist interference • Working out next steps now

  27. Trustworthy wireless topics • Reason 1: Privacy threat • Reason 2: Vulnerability to interference • Ramki Gummadi (USC)

  28. Communication in the ISM band is vulnerable to interference • Increasingly crowded • Un-(under)-regulated n2

  29. Interference threats Malicious Selfish

  30. Problem • Characterize how 802.11 operates with interference in practice • Improve design to better tolerate interference • Unacceptable for a low power or a narrow-band interferer to bring throughput to zero [Plot: Reception Rate vs. SNR (logscale); curves: theory, practice]

  31. 802.11 Implementation Vulnerabilities • Jam with 1s → SYNC on sender clock lost • Emit burst at frame start → Gain set incorrectly • Even with weak interferer, b/c attenuated disproportionately • Send premature start frame delimiter → packet misinterpreted • Damage consecutive beacons → clients disassociate [Receiver block diagram labels: PHY; MAC; RF Signal; To RF Amplifiers; AGC; ADC; 6-bit samples; Timing Recovery; Barker Correlator; Demodulator; Descrambler; Preamble Detector/Header CRC-16 Checker; Data (includes beacons); marked blocks = Vulnerabilities]

  32. Experimental Setup • Single active attacker • Can vary power and frequency • Can output arbitrary waveforms • Unattenuated PRISM • Attenuated PRISM • 802.15.4 • UDP/TCP traffic between client/wired endpoint through AP [Diagram labels: E = Wired Endpoint; AP = Access Point; I; 802.11; C = Wireless Client]

  33. Characterizing 802.11 Interference • How far (i.e., by changing power) can the attacker be and still be effective? • E.g., dynamic range selection interference • How much does frequency separation help?

  34. Dynamic range selection • On-off random patterns (5ms/1ms) • AGC: V > t, -30dB • Result: ADC over/underflow

  35. Impact of frequency separation

  36. Rapid channel hopping • With existing hw! • Dwell period is 10ms, switching latency is 250µs • AP exchanges encrypted MD5 seed with clients • AP and clients independently hop to the same channel

  37. Evaluation of channel hopping

  38. Conclusions • Selfish and malicious interferers cause substantial degradation in commodity NICs • Even weak and narrow-band interferers are effective • Changing 802.11 parameters does not mitigate interference, but rapid channel hopping can
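
The hopping scheme on slide 36, sketched as an added example (not code from the talk or its authors): AP and client each derive the channel for a 10 ms slot from the shared seed, so a station that joins late lands on the right channel without any per-hop signalling. The derivation `MD5(seed || slot)`, the 11-channel set, the sample seed and all function names are assumptions; the slides give only the dwell period, the switching latency and the use of an MD5 seed.

```python
import hashlib
import struct

CHANNELS = tuple(range(1, 12))  # assumption: 2.4 GHz channels 1-11
DWELL_US = 10_000               # dwell period from slide 36: 10 ms
SWITCH_US = 250                 # switching latency from slide 36: 250 us


def slot_index(elapsed_us: int) -> int:
    """Hop slot a station is in, elapsed_us after the agreed epoch."""
    return elapsed_us // DWELL_US


def channel_for_slot(seed: bytes, slot: int) -> int:
    """Map (seed, slot) to a channel; needs no state from earlier slots."""
    # MD5 because the slides name it; a new design would normally use HMAC-SHA-256.
    data = seed + struct.pack(">Q", slot)
    digest = hashlib.md5(data, usedforsecurity=False).digest()
    # 2**32 is not a multiple of 11; the resulting modulo bias is below 1e-8.
    return CHANNELS[int.from_bytes(digest[:4], "big") % len(CHANNELS)]


def hop_schedule(seed: bytes, first_slot: int, count: int) -> list[int]:
    """Channels for `count` consecutive slots starting at `first_slot`."""
    return [channel_for_slot(seed, s) for s in range(first_slot, first_slot + count)]


def usable_airtime() -> float:
    """Fraction of each dwell left for traffic after the radio retunes."""
    return (DWELL_US - SWITCH_US) / DWELL_US


def fixed_channel_overlap(seed: bytes, channel: int, slots: int) -> float:
    """Share of slots that land on one fixed channel (a single-channel interferer)."""
    return sum(c == channel for c in hop_schedule(seed, 0, slots)) / slots


if __name__ == "__main__":
    seed = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample seed
    ap = hop_schedule(seed, 0, 8)
    late_client = hop_schedule(seed, slot_index(52_300), 3)  # joins 52.3 ms in
    print("AP, slots 0-7:     ", ap)
    print("client, slots 5-7: ", late_client)
    print("usable airtime:    ", usable_airtime())
    print("overlap with ch 6: ", fixed_channel_overlap(seed, 6, 5000))
```

The overlap figure is the share of dwell periods a narrow-band interferer parked on one channel coincides with; the seed has to stay secret for that share to remain near 1/11.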
